No More Apple Encryption Backdoor; US Says UK is Dropping Its ADP Demand

Apple’s “Advanced Data Protection” (ADP) feature, which protects device cloud storage to such a degree that Apple themselves and any other third party cannot possibly force their way in, may be coming back to the UK at some point. US intelligence chief Tulsi Gabbard announced that the UK has dropped its requirement that Apple insert an encryption backdoor in the service, though there has not yet been any formal comment on the development by either party.

Gabbard indicated that the change was prompted by discussions with US officials including Donald Trump and vice president JD Vance, who have both previously issued highly critical statements of the encryption backdoor plan. The move might have violated data sharing terms agreed upon by the two countries in the Data Access Agreement and the CLOUD Act, something that Gabbard had previously indicated the country’s intelligence agencies had been directed to review.

Path cleared for ADP return to UK, but no word yet from government or Apple

The development is unquestionably a victory for both Apple individually and internet privacy in general, but at this point there is no word yet about the timeline for a return of the ADP feature to the UK. Apple removed it from the region in February of this year shortly after news stories of the secret encryption backdoor order went to print. The company had been scheduled for an early 2026 appeal of the order, and it is also unclear if this is still going forward in any way.

Gabbard made the announcement as UK PM Keir Starmer and many other European leaders visited the US for a meeting on the Russian invasion of Ukraine and the prospects of a peace deal. Trump and Vance have not directly weighed in yet, but have previously come out strongly against the encryption backdoor plan.

Most of the pressure on Apple to provide backdoor access has previously come from the US, particularly the FBI under the Obama and first Trump administration. Those cases involved providing a means to forcibly unlock an individual phone of a suspect in custody, however, rather than the sort of widespread encryption backdoor that the UK proposed. The US otherwise has a long history of distaste for the idea of hardware or software backdoors, both in terms of tech industry resistance and the opinions of cybersecurity and privacy advocates.

UK retains power to demand encryption backdoors in secret

While the Apple case is good news, it changes nothing about the UK government’s capability under the Investigatory Powers Act 2016 (IPA) or previous expressions of desire to have widespread encryption backdoors for law enforcement. The government can still issue similar Technical Capability Notices (TCN) and bar both the subject and any media sources with knowledge of the order from mentioning anything about it in public.

It thus remains very difficult to know when (or to whom) a TCN has been issued. As the Apple case demonstrated, this only comes to public light if anonymous whistleblowers go to the media or the recipient successfully gets a UK judge to rule that the details should not remain private as part of the appeals process.

The UK faces very strong headwinds in making any similar demands of other tech companies, however. In addition to very strong cybersecurity and privacy resistance, there are now numerous real-world examples of encryption backdoors failing and being weaponized by hostile actors (from the Clipper Chip to RSA’s issues). It is unclear if the UK government is seriously re-assessing its overall position on encryption demands, however, but it will be a good sign if ADP is enabled in the UK once again.